About Us

GDPR Transparency and Choice: Which Path Is Best?

Somer Simpson

Head of Product Management, Measure

The countdown is on until the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. On that date, every website, mobile app, or entity that sets a cookie or tracks a consumer from Europe needs to be compliant. But what does that mean and how can it be accomplished to avoid any negative effects on your business?

The Path(s) to Consent

The good news is that many companies, and the industry as a whole, have been working on solutions for obtaining user consent for quite some time. But how do you know which solution to choose? It can be overwhelming, so let’s break down the options and some of their pros and cons. At the most basic level, you have three options: Buy a solution, build a solution, or partner with an entity on a solution.

Buy a solution: Most typically known as proprietary commercial systems, there are a handful of companies out there that are commercially offering a GDPR compliance solution for purchase. While these may enable certain desired features, it may be done without wider industry backing or compliance. Therefore, it carries some risk that it won’t gain wider adoption, causing you issues down the road if rules change, and contributing to a fragmented consumer experience, resulting in lower consent rates.

Build a solution, aka homegrown solutions: Sometimes you want to know what’s going into the recipe yourself. In the case of GDPR, this would mean building a compliance solution in house from scratch. While this may give you the most perceived control, it also requires significant resources. Also, you will still be required to comply with all rules of GDPR, which means you assume all risk of non-compliance.

Partner with an entity: The IAB Framework is the primary example in this case. IAB Europe, the leading industry association for the online advertising ecosystem in Europe, has worked to develop an industry-standard framework to help publishers, technology vendors, and marketers adhere to the transparency and user choice requirements of GDPR. Announced on March 8, 2018, this “Open Transparency & Consent” framework aims for consistency and simplicity in obtaining consent for all impacted parties, with two primary objectives:

To create a consistent user experience in which publishers can provide transparency to users about data being collected, how the data is being used, and which vendors are using it

To obtain user consent (or denial of consent)

Not only is this framework non-commercial (in some cases free!), but it will provide the industry a common language in which to provide transparency and request consumer consent for use of their data in order to deliver more relevant advertising and content. It also standardizes the collection of user consent for data processing and “signals” this information across the digital content and advertising supply chain. IAB Europe is also providing many publicly available resources to answer the most technical questions, such as a Technical FAQ, Policy FAQ, Javascript tech spec, etc., available in the Resources section of advertisingconsent.eu. And for those still interested in building your own solution, this provides you with an existing back end that you merely need to construct a front end for.

So which path is best? Enter the industry standard.

No matter which path you choose, adopting a solution based on a broad-based industry standard such as IAB Europe’s Open Transparency & Consent framework is likely the safest bet. Following the industry standard gives you the most options for making sure you are compliant while avoiding the costs of developing your own solution, or the risk of being locked into a single vendor or a costly annual contract.

In addition to being a technical standard, the IAB framework establishes a new type of solution provider: the Consent Management Provider (CMP).

A CMP solution enables publishers, brands, and ad tech companies an easy way in which to provide notice, choice, and control to users, while also obtaining consent for setting cookies and processing data.

Since they’re built on an open, non-commercial standard, there will be many CMP solutions to choose from — some that charge fees and some that are free, but, most importantly, all of which are based on the industry’s best guess on what is GDPR compliance.

Adopting a CMP based on the IAB framework offers the following benefits:

Out-of-the-box transparency for consumers, allowing them to know exactly who is using their personal data and for what purposes, even if consent is not the legal ground required for those vendors to operate

Easy administration of consent levels within your company from both a consumer-facing and internal experience

Consent management and support for both global consent (third-party cookies), or service-specific consent (first-party cookies) to support each company’s approach to obtaining consent

Decentralized solution development that increases the number of options companies have for a CMP solution, reducing dependency on a single development resource or company

Quantcast Choice is a consumer-facing transparency solution that makes it easy for publishers and advertisers to provide transparency to consumers and obtain, manage, and propagate consumer consent across their digital content and advertising ecosystem. Aimed at both publishers and advertisers, Quantcast Choice not only makes compliance with aspects of GDPR that govern transparency and consent possible, but makes it easier to manage the flow of consumer consent and protects the value of digital content across your digital ecosystem. For more information on Quantcast Choice, including testing the solution for yourself, visit Quantcast.com/GDPR/QuantcastChoice.

The path forward to GDPR

While the idea of getting your business fully up to speed with GDPR can seem daunting, the industry and its partners, including Quantcast, are working hard on solutions that follow the IAB Framework to simplify the process. Offering your users one touchpoint for consent is critical for keeping data collection alive and creating a more tailored internet experience for users across the web.